Hi Daniel

Since we will be launching SPDX at LinuxCOn Vancouver, we are also planning
to schedule a BOF to discuss SPDX.

I may have an extra pass for you -- I think we get 5 with our sponsorship
and won't need them all.

Kim



On Fri 7/1/11 1:03 PM, "D M German" <dmg@...> wrote:

Hi everybody,

Is there any plan to have a face-to-face meeting in Vancouver during
LinuxCon? For me it is very close, so I'll be interested in doing so,
even informally.

I am probably not going to register for LinuxCon (too expensive for me,
but if anybody donates me a pass, I'll be happy to take it :)

--dmg

--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx

Kim Weins | Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic

650 279 0410 | cell
www.openlogic.com
Follow OpenLogic on Twitter @openlogic

hi everybody,

We (the research team I am part of, which includes Armijn) have being
building a method/tool to identify dependencies in binaries by observing
the build process.

One of the test cases we are using is ffmpeg. What makes ffmpeg
interesting is that it can be configured and build under three different
licenses: LGPLv2.1+, GPLv2+, or GPLv3+.

How? you pass a parameter at compilation time that indicates which
license you want (by default lgplv2.1+).

How would this be described in SPDX?

A similar licensing scheme is the FreeBSD kernel. By default is BSD-3 (if
I remember correctly) but it can be compiled as GPLv2+.

--dmg


--
--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .

Hi everybody,

Is there any plan to have a face-to-face meeting in Vancouver during
LinuxCon? For me it is very close, so I'll be interested in doing so,
even informally.

I am probably not going to register for LinuxCon (too expensive for me,
but if anybody donates me a pass, I'll be happy to take it :)

--dmg

--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .

I performed a system upgrade (Debian 5.0 to 6.0) on the server hosting
FOSSBazaar and SPDX. If you notice and problems with the web site or
mailing lists, please let me know.

--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard

9:00 AM - 10:30 AM July 7, 2011
Location: See below

This replaces our biz team meeting on this day.  We'd like participation
from tech and legal teams to.

First hour will be Beta feedback
Last half hour will be review of ideas from team working on Web Site
redesign

Kim


US  866-740-1260
Int'l  http://www.readytalk.com/support/international-numbers.php

ID 2404502

Web Meeting
Www.readytalk.com
ID 2404502

We will replace this meeting with Beta feedback meeting for this one date.

Kim

-----



US  866-740-1260
Int'l  http://www.readytalk.com/support/international-numbers.php

ID 2404502

Web Meeting
Www.readytalk.com
ID 2404502

Agenda
We will be covering several areas on the rollout plan.

1. Beta process
2. User Content - what is needed
3. Evangelism and outreach

Hi all

We will have a call to review all of the SPDX Beta feedback on Jul 7 at 11 ET/8PT.    We will try to get all of the Beta participants on the call.  In advance of the call, we will try to get Beta feedback sent out on the email lists.  I’m inviting all of the teams, since it will be important to have representation from all the workstreams.

This will replace the Business call for that date.  We will also extend the time by a half hour so that we can also cover feedback from the website redesign team.

Look for the invite, and please attend!

Kim







Kim Weins | Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic

650 279 0410  |  cell
www.openlogic.com
Follow OpenLogic on Twitter @openlogic

Hi.

(I'm new here, so pardon me if this is some kind of FAQ.)

The SPDX acronym looks quite general, and the charter doesn't seem to
limit itself to licensing/copyright matters.

However, looking at the material online, it seems to me that it is the
main area of development of SPDX.

Are there other matters on the work bench ? For instance, I'm working on
standardization of the interfaces of tools used by FLOSS developers, and
SPDX looks like a major stepping stone for fostering interoperability in
the development / QA process, just as it provides a clean reference for
identification of packages (licensing issues aside). Think about tracing
which distribution packages contain copies of a particular version of a
package that exhibits a bug, etc.

Is there a summary of the different other aspects SPDX will be
addressing, after 1.0, beyond licensing ?

Thanks in advance.

Best regards,
--
Olivier BERGER <olivier.berger@...>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)

Here's another update on the mailing list numbers:

spdx: 105
spdz-biz: 21
spdx-legal: 29
spdx-tech: 26

--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard

Hi everyone,

this is a spin off of a discussion I was having with Peter and Garry
on the tech mailing list. I am considering how SPDX could form the
basis for the following example use case:

Customer A ordering a software with company B. B's software is closed
source but contains one file under 3-clause BSD. When A gets the
executable he may still have 'open source obligations' (like
e.g. non-endorsement) from the software even though not actually
receiving code. In fact in the scenario outlined here A might not even
be entitled to ever see/receive that sourcecode.

Still A of course needs to know about the licenses in play (besides
those agreed on between A and B upfront) and he might also want to
know about possible copyright holders.

So, I think what I am describing here can be clearly achieved with a
subset of SPDX, as your work has been really diligent. So I would like
to discuss with you
* whether the usecase makes sense, needs amendment or whether there
are similar use cases that I did not address here which could be
relevant as well
* how such a subset could look like. A subset would necessarily imply
changed cardinalities in the SPDX Spec and this would need to be part
of SPDX tooling in the long run. This is why I think one could also
describe this as an "SPDX Profile".


I may still need some time for this, but I can offer to come up with a
draft for requirement and then also a subset if this is something you
feel SPDX could support.

Best regards,
Mario

--
BMW Car IT GmbH
http://www.bmw-carit.de

Yes, I have added this to my list of updates for the next license list
spreadsheet version.

This also makes me wonder if there are other "older" licenses that were OSI
certified and I may have missed, so I'll check the list of such licenses on
the OSI website against our list to be consistent.




On 5/31/11 8:12 AM, "Martin Michlmayr" <tbm@...> wrote:

* Joerg Schilling <Joerg.Schilling@...> [2011-05-26 10:25]:

BTW: Could you add a OSI tag to http://spdx.org/licenses/CPL-1.0?

This license is superceeded but it is used for the korn shell and other AT&T
software and for this reason, it is important to see that it is OSI approved.

Jilayne, are you the right person to take care of this?

For the overview table http://spdx.org/licenses/ it would also be
nice to have a one character marker column that flags wether a
license is OSI approved or not.

Gary, is this something you can add to your tool?

Jilayne Lovejoy | Corporate Counsel
jlovejoy@...

720 240 4545 | phone
720 240 4556 | fax
1 888 OpenLogic | toll free
www.openlogic.com

OpenLogic, Inc.
10910 W 120th Ave, Suite 450
Broomfield, Colorado 80021

I will make sure the appropriate change is included in the next version of
the license list spreadsheet, which should be relatively soon!

Jilayne


On 5/31/11 8:12 AM, "Martin Michlmayr" <tbm@...> wrote:

* Joerg Schilling <Joerg.Schilling@...> [2011-05-26 10:25]:

BTW: Could you add a OSI tag to http://spdx.org/licenses/CPL-1.0?

This license is superceeded but it is used for the korn shell and other AT&T
software and for this reason, it is important to see that it is OSI approved.

Jilayne, are you the right person to take care of this?

For the overview table http://spdx.org/licenses/ it would also be
nice to have a one character marker column that flags wether a
license is OSI approved or not.

Gary, is this something you can add to your tool?

Jilayne Lovejoy | Corporate Counsel
jlovejoy@...

720 240 4545 | phone
720 240 4556 | fax
1 888 OpenLogic | toll free
www.openlogic.com

OpenLogic, Inc.
10910 W 120th Ave, Suite 450
Broomfield, Colorado 80021

agreed.

--
Motorola Inc.
E.A. Rockett
Senior Counsel
Software, Applications &
Digital Content Licensing
(408)541-6703 (O)
(408)541-6900 (F)
(415)508-7625 (M)
rockett@...

Hi Martin,

it will also help to have a simple tar file with all the licenses,
each in its own file, and without the HTML tagging.
Basically, the actual text of the license.

--dmg

--
--dmg

---
Daniel M. German
http://turingmachine.org